From c7401a697f1ee3410b860afd8686f8bb012a8dce Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Date: Fri, 7 Dec 2018 13:11:11 +0100
Subject: Implement SAML2 authentication (#4267)

This implements both a SAML2 metadata endpoint (at `/_matrix/saml2/metadata.xml`), and a SAML2 response receiver (at `/_matrix/saml2/authn_response`). If the SAML2 response matches what's been configured, we complete the SSO login flow by redirecting to the client url (aka `RelayState` in SAML2 jargon) with a login token. What we don't yet have is anything to build a SAML2 request and redirect the user to the identity provider. That is left as an exercise for the reader.
---
 synapse/app/homeserver.py | 4 ++++
 1 file changed, 4 insertions(+) (limited to 'synapse/app')
diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py
index a03a3e4b8a..1e495a38b9 100755
--- a/synapse/app/homeserver.py
+++ b/synapse/app/homeserver.py
@@ -199,6 +199,10 @@ class SynapseHomeServer(HomeServer):
 "/.well-known/matrix/client": WellKnownResource(self),
 })

+ if self.get_config().saml2_enabled:
+ from synapse.rest.saml2 import SAML2Resource
+ resources["/_matrix/saml2"] = SAML2Resource(self)
+
 if name == "consent":
 from synapse.rest.consent.consent_resource import ConsentResource
 consent_resource = ConsentResource(self)
-- cgit 1.5.1
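Review bot: The added `resources["/_matrix/saml2"] = SAML2Resource(self)` exposes an unauthenticated `authn_response` receiver gated only by `saml2_enabled`, and per the commit description that receiver redirects to the `RelayState` URL with a login token. Since this commit has no request-building side, nothing on the server ties `RelayState` to a login it started, so the value is whatever arrives with the POST. The receiver is not in this diff (it is limited to `synapse/app`), but it should check that URL against a configured allow-list of client URLs before redirecting, otherwise a login token can be handed to an arbitrary site. At the mount point I would add a comment such as `# SAML2 SSO endpoints are unauthenticated; authn_response issues login tokens` so the exposure is visible where the listener is assembled. The enclosing method starts and ends outside the hunk, so which listener `name` this branch runs under is inferred from the `resources.update` context above it.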